Slashdot Mirror


Strong Passwords Not As Good As You Think

Jamie noticed that Bruce Schneier wrote a piece on a paper on strong passwords that tells us that the old 'strong password' advice that many of us (myself included) regard as gospel might not be as true as we had hoped. They make things hard on users, but are useless against phishing and keyloggers. Everyone can change their password back to 'trustno1' now.

9 of 553 comments

  1. c'mon by greebowarrior · Score: 4, Funny

    surely we should all be changing our passwords back to "Joshua"?

  2. Re:I'll repeat what I've said before: Use sentence by Nerdfest · Score: 4, Funny

    Slashdot is an excellent source of many of these sentences, as with spelling mistakes they're even harder to brute-force.

  3. My password by Rik+Sweeney · Score: 4, Funny

    I sometimes set my password to ********. It sounds stupid but it has two advantages:

    1. I know that I've typed in a * because I can see it

    and, most importantly

    2. When I have to repeat my password to confirm it, I can just copy and paste the previous field, saving me literally seconds of typing

  4. Re:HEY! by Yvan256 · Score: 4, Funny

    1-2-3-4-5? That's amazing. I've got the same combination on my planetary air shield!

  5. Re:News at 11 by grumpyman · Score: 4, Funny

    "Security" people who don't know anything about non-IT users like to make password rules that are so obtuse that normal users simply can't deal with them. The result is sticky noted passwords.

    .... while sys admin uses "admin" as password on servers/switches without the need to change, ever?

  6. Re:News at 11 by Deadstick · Score: 5, Funny

    on my cubical wall

    Most of mine are planar...

    rj

  7. Re:limited application by Opportunist · Score: 4, Funny

    It's a sticky note with gibberish on the monitor. What could it be.

    A friend of mine had a genuinely clever idea for a password: The serial key on the back of the monitor of the guy sitting opposite of him. He has it right in front of him, it's completely impossible to guess, no sticky note giving it away and yet it's written down and won't go away or get lost.

    He only has to call IT every other year when they upgrade monitors.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  8. Re:Woo hoo! by SlashBugs · Score: 4, Funny

    "lepassword"?

  9. Re:News at 11 by sfarmstrong · Score: 5, Funny

    I know! And "Area51" is like the only dictionary-like password within the constraints you describe, so I can crack the system in a single guess! And I'm practically guaranteed to get classified information with that kind of password!